Privatefirewall VERSION 7.0.20.47

No problem, would be happy to help.
I can connect it to the other machine but I'm not in the mood to do that right now, maybe later or in day or two.
You can in the meantime tell me what I need to do when that happens.
I guess share some folders , make sure that they are visible on both machines , and then try grc or pcflank, am I right ?
When I do that, I'll try it first with default firewall settings and report it.
After that you can tell me what settings are you running so we can compare.

 

@Stem I was reponding to pabrate. I don't recall him being behind a router.
When I responded I forgot to quote. Sorry for the mistake.

@pabrate If you do test with a Home Group enabled, be sure to test your machine, if you are behind a router set the PC on the DMZ or what ever security settings you have to bypass to get to actually test your pc.

Martin.-

 

You will need to check your settings.

I presume you are connected directly to the Internet?
I have only looked at this on an XP setup, so there may be some difference for other OS?

Open PF and on the "Main Menu" make sure that both "Internet Security" and "Network Security" are set to "High". Under "Network Security" press "Sites", any IP range you see should be set as "Untrusted Network"

On the "Applications", double click "Generic Host Process"(svchost) Find the rules(there are 2) that are for "Location service" select one of those rules and then select "Modify" In the popup window, change the rule to "This rule will Deny Traffic", press OK, do the same for the other rule. Then check to see if there are any other rules that are showing port 135, if yes, then make sure they are set to "Deny".



- Stem

 

No problem, Sorry I made an incorrect assumption as to who you where replying to.


I have been making some scans against this firewall (on an XP setup), out of the box settings do leave the firewall open and certainly not recommended for direct connection to the Internet.


- Stem

 

I'm not behind a router.
I have cable modem there for net connection.

OK, I'll report when I do that.

 

my private firewall in present settings passes all tests

 

Ok, after much scanning, and finally getting a couple of programs that I can use
myself to see what is going on, my ports seem to be closed/secure.
My home profile is set Internet Security--high and Network Security---low.

I have my net security low because I do have local file sharing among my
wife and sons' laptop systems. I have an external drive connected to my system
that they both access for movies, games, music, and whatever else I dump into
it.

So, after quite a few hours of probing/scanning, i have determined that my system
is probably as secure as I can get it with out hiring an IT dept.

Here is a screenshot for the heck of it.

 

@MasterTB,

I did it and all ports are stealthed.
Scenario :
Main machine : Win7 32-bit , IP address : 192.168.0.1 , shared two folders
Second machine : WinXP , IP address : 192.168.0.2 , shared two folders

PrivateFW detected 192.168 network and I put it in Trusted network.
I can see all shared folders both from main and other machine, everything works fine.

Then on Main machine I tested open ports with Pcflank (advanced port scanner) and all ports are stealthed.
Then I tried GRC ShieldsUP with All Service Ports test and it was all green.

PrivateFW was not touched after installation so everything is like it comes (default).

if I missed something or you want me to try something let me know.

 

Has anyone tested PFW as to how well its HIPS component does with respect to alerting the user to keylogger threats?

A very good, multi-faceted keylogger test is at...
HERE -- scroll to bottom where you see "Test security of your PC" -- under that is a download link for the test.

I would test PFW myself but -- due to tech problems -- I'm not set up for testing right now. (sigh)

I hope someone feels inclined to test PFW. (Online Armor does well against keyloggers. I hope PFW does as well or better.)

 

Just tried it on my other XP SP3 machine. Keylogging was prevented but Webcam capture, Screenshot, Clipboard monitoring, System Protection (registry value added), and sound record all failed.

I'll try it a couple more times later to see if the same results are replicated.


EDIT: Also, didn't hear a peep out of Microsoft Security Essentials which I have on that machine.

 

I don't know what to tell you.
I'm glad that you have all tests passed but your setup and mine are not the same. I don't share folders individually, I enable Home Group and windows automatically shares all libraries that I tell it to share, that also enables Multimedia Streaming on the Home LAN via the WMP Network Services -which is one of the services causing problems-.

I have tested my setup against all web tests with the Windows Firewall -all Stealth- PC Tools -all stealth- an with PFW with the results shared here.

I guess having the Home Group enabled makes windows more susceptible to answer to unsolicited requests and thus the firewall allows them because Microsoft's apps are on the trusted side.

I did test PFW on a friends machine with XP SP3, and some shares -he brought the PC over- and he had all stealth. So I guess -again- the issue is related to how the Home Group works and how windows and PFW interact when that happens.

I will share this on my support ticket with Privacyware to see what they tell me about it.

Attached you'll see a txt from Microsoft with ports and requirements necessary to make a Home Group work, and it is far more complicated than people thinks.

Thanks for all the testing you've done.

 

I think Home Group was enabled but I'll try it again and confirm that it is enabled. I'll make a screenshot.
Since I never used Home Group I forgot to do that, instead I did it old way (both computers are on same workgroup, fodlers are shared manually, I access computers via Network->Workgroups, login screen appears, I enter login details) and that's that.

But even if it wasn't enabled, sharing was working, so in order for that to work ports must be open (137,139) , so for testing perposes I think it's kind of same doing it with or without Home Group.

 

Yes pabrate but, on that case, the service using ports 135, 137, 139 and or 445 on some cases is Svchost, and what is causing problems in PFW is a rule for System Services that enables incoming connections for Netbios Sessions (client), Microsoft DS (Server) and Microsoft DS (Client), including occasionally also for WMP Network Service on port 554 that's why you have stealth and I don't at least that is what we (Support for PFW and I) have come to understand from all this issues.

I don't think it is an isolated issue happening to just me because they are heavily looking into it.

In any case, following their advice I have managed to close all holes and secure my systems for the time being, hoping that the next version will improve on rules handling.

 

You are right, we have something going on here.
Home Group is enabled, I can't join it from other machine because there is no Win7 installed but that's not important for this.
First I tested with PCFlank (but only standard ports, should have done full but it's ok).
GRC ShieldsUP found two ports open.
I'm pretty sure I've covered everything but if there is something else you want me to try please let me know.
And because pictures says more than words, here they are :

 

Just a question..
From what I understand - PFW should complete training before being tested, is that right? I've seen a few videos which test it straight out the box day 1 and thought that it was the wrong way to go out it.

 

Rofl..well..tried to download it...see the screenshot for the results.

 

It's an FP. AntiTest is a Proof of Concept (POC) that IMITATES several types of keyloggers. It also imitates certain types of malware in order to test System Protection.

These are imitations -- not really malware. Avira's heuristics or behavioral module(either one or both) will almost always pop an alert on POCs. POCs act like, smell like, & look like malware because -- if they didn't -- there would be no test.

 

LOL, oh, I am certain that the file is a simulation..kinda like the test code for Eicar.
It is just nice to know that my stuff is working

 

Ok.

I received a mail from Greg at PFW Support and this is what they've been up to:

"...Aside from the default rules issue, we are grappling with enhanced packet inspection and, of course, IPv6 support, so have our hands full. My guess is that we’ll have an intermediate update that at least addresses some of the logic in the default rules (if nothing else, tightening the logic up for the remote profile, as you even suggested). I’ll keep you posted..."

I hope he doesn't mind me posting this but I promised to keep everyone posted.
I believe this also answers to johncage who asked If they planned to support IPv6..

Martin.-

 

Thanks for the update.

I am hoping that they will also make a way for us to export/save PFW's rules & configs.

 

Hola Stem,
The potential import of your post just now sunk into my pea brain.

What do you mean by "not recommended for direct connection to the Internet."? Are you saying that PFW gives inadequate protection in default mode? If so, PLEASE share your recommended settings.

 

I used to use Kerio 2.15, and it was perfect for my needs. But it proved to be incompatible with XP sp3 on both of my machines, so I went FW shopping.

I then ran PCTools Plus firewall, but it started freezing on me when I went to look at Applications in it. That, plus only paid support and no forum access (my email address was banned, though I can't remember ever posting there, and certainly not doing anything wrong) led me to uninstall it.

Now I'm on PrivateFirewall, and it seems to be doing what I want - basic protection, HIPS, and light weight.

The only limitation I just discovered is that there is no way to see transfer rates in real time. I've noticed a frequent small access of the Internet - maybe every six seconds and lasting one second. An Avast scan came up empty, and I don't think I have a security problem, but I want to know what is accessing the Net so often, and I don't see how to do it in PFW.

 

Just tried this firewall. I ditched KIS because of it making my system lag. I got this firewall and trying MSE. I like it but I am getting disconnected every so often. I have the firewall set to ask me when a program tries to get on the net. I wish they had more support than just opening a support ticket, like a forum.

 

Try process monitor from Sysinternals. Any packet sniffer should work as well... probably even SmartSniff from NirSoft.

 

I probably will need to use another app to do this. Process Monitor seems a bit heavy for my needs though. I just want to see which connections are transferring at what rates.